ALB, NLB or CLB for our AWS load balancer?
ALB for HTTP/HTTPS apps (default choice), NLB for TCP/UDP and very high throughput, CLB only for legacy reasons (consider migrating). For modern web apps, ALB in 95 percent of cases.
Try this first
- 1For HTTP/HTTPS, REST APIs, host-based or path-based routing, WAF integration: ALB. Supports HTTP/2, gRPC and Lambda targets.
- 2For TCP, UDP, TLS pass-through, or throughput above 100 Gbps: NLB. Lower latency, no Layer 7 features.
- 3For sticky sessions with simple HTTP without complex routing: ALB with target-group stickiness. CLB offers nothing ALB doesn't.
- 4Migrate CLB to ALB. AWS offers a one-click migration tool, and ALB is cheaper per LCU at average use.
- 5For a mix of protocols: multiple LBs. Not one NLB for everything, that loses Layer 7 benefits.
When to bring us in
If you have an mTLS architecture or internal-only with PrivateLink publishing, there's a design choice between ALB-with-mTLS and NLB-with-TLS. A short review can save a wrong day's work.
See also
- Everyone logs in with the AWS root accountRoot is for emergencies and billing. Day-to-day work belongs in IAM users or SSO.
- Every developer has AdministratorAccessAdministratorAccess everywhere is convenient now, painful later. Start with role-based policies.
- Everyone has individual IAM users with their own passwordIdentity Center (formerly AWS SSO) links to your IdP and issues temporary credentials per session.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.